Snort mailing list archives
snort-users mailinglist trigger snort
From: Martin Forest <martin () heimdalls co nz>
Date: Fri, 26 Apr 2002 14:13:14 +1200
Snort has started to set off alerts for me. I traced it down to the snort mailing list.

The following incoming mail generated a snort alert.

Apr 26 13:21:05 xxxxx sendmail[7077]: g3Q1L3t07077: from=<snort-users-admin () lists sourceforge net>, size=4708, class=-60, nrcpts=1, msgid=<20020425232008.GF8261 () trimble co nz>, proto=ESMTP, daemon=Daemon0, relay=usw-sf-fw2.sourceforge.net [216.136.171.252]

And this is the snort alert.

[**] [1:654:1] SMTP RCPT TO overflow [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
04/26-13:21:49.276080 216.136.171.252:62524 -> n.n.n.n:25
TCP TTL:50 TOS:0x0 ID:25837 IpLen:20 DgmLen:1500 DF
***A**** Seq: 0x69A7C95C Ack: 0x6A9DE587 Win: 0x7D78 TcpLen: 32
TCP Options (3) => NOP NOP TS: 1372299287 699121
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0260]
[Xref => http://www.securityfocus.com/bid/2283]

Only some of the mail triggers snort. Does anyone know why?

/Martin Forest
Current thread:
- snort-users mailinglist trigger snort Martin Forest (Apr 25)
- Re: snort-users mailinglist trigger snort Jason Haar (Apr 25)